11 results (0.018 seconds)

CVSS: 8.8EPSS: 1%CPEs: 3EXPL: 0

An arbitrary file write vulnerability was found in GNU gzip's zgrep utility. When zgrep is applied on the attacker's chosen file name (for example, a crafted file name), this can overwrite an attacker's content to an arbitrary attacker-selected file. This flaw occurs due to insufficient validation when processing filenames with two or more newlines where selected content and the target file names are embedded in crafted multi-line file names. This flaw allows a remote, low privileged attacker to force zgrep to write arbitrary files on the system. Se encontró una vulnerabilidad de escritura arbitraria de archivos en la utilidad zgrep de GNU gzip. • https://access.redhat.com/security/cve/CVE-2022-1271 https://bugzilla.redhat.com/show_bug.cgi?id=2073310 https://git.tukaani.org/?p=xz.git%3Ba=commit%3Bh=69d1b3fc29677af8ade8dc15dba83f0589cb63d6 https://lists.gnu.org/r/bug-gzip/2022-04/msg00011.html https://security-tracker.debian.org/tracker/CVE-2022-1271 https://security.gentoo.org/glsa/202209-01 https://security.netapp.com/advisory/ntap-20220930-0006 https://tukaani.org/xz/xzgrep-ZDI-CAN-16587.patch https://www.openwall.com • CWE-20: Improper Input Validation CWE-179: Incorrect Behavior Order: Early Validation CWE-1173: Improper Use of Validation Framework •

CVSS: 6.8EPSS: 6%CPEs: 16EXPL: 0

Integer underflow in the unlzw function in unlzw.c in gzip before 1.4 on 64-bit platforms, as used in ncompress and probably others, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted archive that uses LZW compression, leading to an array index error. Desbordamiento de entero en la función unlzw en unlzw.c en gzip anterior a v1.4 sobre las plataformas de 64 bits, permiten a atacantes remotos provocar una denegación de servicio (caída de aplicación) o posiblemente ejecutar código de su elección a través de un archivo manipulado que emplea la compresión LZW, permitiendo a un array indexar el error. • http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=a3db5806d012082b9e25cc36d09f19cd736a468f http://itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02286083 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://ncompress.sourceforge.net/#status http://savannah.gnu.org/forum/forum.php?forum_id=6153 http://secunia.com/advis • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •

CVSS: 6.8EPSS: 15%CPEs: 15EXPL: 0

The huft_build function in inflate.c in gzip before 1.3.13 creates a hufts (aka huffman) table that is too small, which allows remote attackers to cause a denial of service (application crash or infinite loop) or possibly execute arbitrary code via a crafted archive. NOTE: this issue is caused by a CVE-2006-4334 regression. La función huft_build en inflate.c en gzip anterior a v1.3.13 crea una tabla hufts (también conocido como huffman) demasiado pequeña, lo que permite a atacantes remotos provocar una denegación de servicio (caída de aplicación o buble infinito), o posiblemente la ejecución de código de su elección a través de un archivo manipulado. NOTA: esta vulnerabilidad está provocada por una regresión del CVE-2006-4334. • http://article.gmane.org/gmane.comp.gnu.gzip.bugs/258 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=507263 http://git.savannah.gnu.org/cgit/gzip.git/commit/?id=39a362ae9d9b007473381dba5032f4dfc1744cf2 http://lists.apple.com/archives/security-announce/2010//Nov/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00009.html http://secunia.com/advisories/38132 http://secunia.com/advisories/38223 http://secunia.com/advisories/38232 http://support.apple.com/kb&# • CWE-20: Improper Input Validation •

CVSS: 4.6EPSS: 0%CPEs: 3EXPL: 0

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://bugs.gentoo.org/show_bug.cgi?id=90626 http://docs.info.apple.com/article.html?artnum=306172 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://rhn.redhat.com/errata/RHSA-2005-357.html http://secunia.com/advisories/18100 http://secunia.com/advisories/19183 http://secunia.com/advisories/2 •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=305255 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html http://marc.info/?l=bugtraq&m=111402732406477&w=2 http://rhn.redhat.com/errata/RHSA-2005-357.html http://secunia.com/advisories/15047 http://secunia.com/advisories/18100 http://secunia.com/advisories/21253 http://secunia.com/advisories/22033 http://slackware.com/ •